A Digital Shield to Keep Hackers Out of Your Pacemaker

Like everything else in our lives, implanted medical devices, such as pacemakers, brain implants and cardiac defibrillators, are more connected than ever via wireless capability. But that also makes them vulnerable. Some security experts are now turning their attention to the problem, including a team that has invented a digital "shield" worn around the neck.

Each year, physicians implant more than 300,000 medical devices into people's bodies around the world—pacemakers, drug pumps and brain stimulators, to name a few. Increasingly, these devices wirelessly transmit and receive data and instructions, as when doctors query the device for information or fine-tune how it functions. Because these devices weren't made with digital attacks in mind, their transmissions aren't encrypted. That leaves them open to a possible attack by hackers.

Rick Hampton, a wireless-communications manager for a group of hospitals in Boston, says that with a spate of recent attacks against websites, social-media accounts and multinational organizations such as Sony and the International Monetary Fund, it's not inconceivable that hackers of malicious intent might try to mess with medical devices just because they could. So researchers are trying to develop digital defenses now.

In a study to be presented at the Association for Computing Machinery's SIGCOMM conference in August, researchers from MIT and the University of Massachusetts, Amherst unveil their idea for a solution: a portable radio transmitter they call the shield, which is about the size of a coin and could be worn like a necklace.

First, MIT researcher Dina Katabi and colleagues showed that it is indeed possible to hack a medical device from afar. In their tests they sent "rogue" commands to a cardiac defibrillator, telling the device to transmit data or depleting its batteries. Without the shield, the researchers could send these covert commands up to 85 feet away.

So the idea of the shield was born. It works as an intermediary between the physician operator and the device—a pacemaker, for example—by acting as a midpoint where the data can be encrypted. The first of the shield's two antennas broadcasts a randomly generated jamming signal at the same frequency as the pacemaker's transmissions, masking the information contained inside the transmission to anyone who might be trying to access it covertly. The second antenna contains not only a transmitter, but also a receiver. That transmitter broadcasts an "antidote signal" that cancels out the jamming signal and allows its receiver to decode the information sent by the pacemaker. Only the shield knows the content of the random jamming signal, and the only place that jamming signal is canceled out is the receiver in antenna No. 2.

This encryption allows the shield to communicate with and control the implantable medical device, while preventing outsiders from eavesdropping on the device's wireless transmissions or sending it nefarious commands. Once the information has safely made it to the shield, the shield is then equipped to encrypt that information by traditional means before beaming it to the physician or programmer who needs to access that data.

Of course, the shield isn't totally impenetrable—no system is. The researchers found that by using a transmitter with 100 times the shield's transmitting power, they could disable the shield within 16 feet of it. Katabi admits this is a limitation, but all security systems have limitations. "Security is about raising the bar," she says. "This is really significantly raising the bar."

Like all devices, implanted medical technology is becoming more connected—and therefore more vulnerable—all the time. Researchers are quick to point out that there has been no documented case of medical devices being hacked. But that doesn't mean it's too early to address it as a possible concern. "It's not something people should panic about now, but it's high time to do something about it," Katabi says. "The right time to provide solutions is before the problem happens."

University of Washington computer scientist Yoshi Kohno, who was uninvolved in the study, says this is the first such device designed to protect implantable medical devices without altering the hardware itself. Kevin Fu, a study co-author and computer scientist at UMass, says that's going to be the key to success for any technology to protect pacemakers, brain implants and other medical devices. Having encrypted hardware inside your body could be dangerous in a life-threatening surgery or situation when physicians need to be absolutely sure that they can communicate with the device.

Besides, millions of people around the world have implanted devices, and to give you an upgrade, surgeons would have to cut you open to tinker with your pacemaker. "It's not quite as easy as an oil change," Fu says.